1 / 17

Pain Point # 6 – BUSINESS PROCESS COMPLIANCE & INTERNAL AUDIT

“THE Godfather of Negotiation Planning” ~ Intel Corp Omid Ghamami PURCHASING AND NEGOTIATIONS EXPERT. Pain Point # 6 – BUSINESS PROCESS COMPLIANCE & INTERNAL AUDIT. 4R Execution Model. 4R Execution Model. R isk: assess current levels of risk in purchasing R eview: with internal audit

frencha
Download Presentation

Pain Point # 6 – BUSINESS PROCESS COMPLIANCE & INTERNAL AUDIT

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. “THE Godfather of Negotiation Planning” ~ Intel Corp Omid Ghamami PURCHASING AND NEGOTIATIONS EXPERT Pain Point # 6 – BUSINESS PROCESS COMPLIANCE & INTERNAL AUDIT

  2. 4RExecution Model

  3. 4R Execution Model • Risk: assess current levels of risk in purchasing • Review: with internal audit • Reflect: perform self audits against your own criteria • Renew: Have Internal audit use as the renewed purchasing audit criteria

  4. Step 1: Assess Current Levels of Risk • A Risk is anything that brings the possibility of negative impact  Time, money, safety, legal, PR, etc. • Purchasing is an inherently risky business • Kickbacks, gratuities • Doing business with friends & relatives • Purchase of unauthorized items • Purchase of items at wrong price • Purchase of too many or not enough items • Spending too much • Hiring a child sweatshop to do work • Hiring a company that dumps toxic chemicals in rivers • Being single or sole sourced with a company that causes supply or manufacturing interruption • Etc. • Controls are needed to mitigate risk

  5. 4 Types of Control • Automated – depends on automated system • Manual – depends on human intervention • Detective – measures risk after it manifests • Preventative – prevents risk from manifesting • Options: • Automated/Detective • Automated/Preventative • Manual/Detective • Manual/Preventative

  6. Purchasing Risk Assessment • Risk Assessments need to be done to ensure risk is well managed in the department • It is important to understand the following about each risk: • Probability of occurrence • Impact of occurrence • Risk Factor = Probability of Occurrence x Impact of Occurrence

  7. Ideal Type of Control • Automated/Preventative is the best type of control • ePurchasing example: • Supplier chosen being under contract • Price paid being correct • Approvals going to the right people • Correct data going to supplier • All of these work properly because of automated/preventative controls! • Doing risk assessments regularly is an important part of running a purchasing department

  8. Controls Examples Detective Preventative Pulling supplier expenditure Reports Training customers on purchasing processes Manual Automated purchasing reports Pre-negotiated ePurchasing shopping basket items; NAICS code blocks on procurement cards Automated

  9. Risk Assessment Steps • ID business process to be assessed • Form cross functional team • Perform risk assessment and ID gaps • Implement gap closing actions • Systemic follow up process

  10. ID Business Process to be Assessed • Can based on many methods: • Internal or department audit findings • Business process being automated • Business process being developed • Response to actual excursions • Time or cost intensive processes • Supply chain process analysis

  11. Form Cross Functional Team • Key players who “touch” the process should be included • Finance, internal customer, purchasing representatives, accounts payable, etc • Internal audit’s input should be solicited • They will not approve the results, but they will give inputs and validate approach

  12. Perform Risk Assessment Process Step Existing Control(s) Risk given existing controls Probability of risk given existing controls Impact of risk manifesting itself WARE: Weighted Average Risk Exposure Decisions What is the business process step being analyzed? Specify existing control(s) & type(s) What risks may manifest with the current controls in place? 0 – 1.0 (0 = no risk, 1 = 100%) 0 – 1.0 (0 = no impact, 1 = max impact) = Probability x Impact ACE: Add, Change, or Eliminate Controls. (or do nothing) Add more process steps…. Note: a third column may be added for “Significance”

  13. Implement Gap Closing Actions • Prioritize the Weighted Average Risk Exposure (WARE) areas • Bigger # = bigger exposure • Not all WAREs need to be addressed • Balance the proposed control against total cost and feasibility considerations • Document and drive closure on key decisions • The goal is to balance Risk, Agility, and Total Cost

  14. Step 3: Perform Self Audits Against Your Own Criteria • Integrate into department policies, procedures, or documentation • Engage in regular self audit and peer review process • Quarterly is a good frequency • The best time to get “caught” is when you are auditing yourself or your peers • View this as a constructive continuous improvement process • The alternative is having internal audit call the shots!!

  15. Step 4: Have Internal Audit use as the Renewed Purchasing Audit Criteria • Remember – Internal Audit doesn’t know purchasing! • Give them a copy of your risk assessment matrix before they come • They will reassess to ensure the document is still effective, and will use to perform audit • But they will never tell you this! • They still reserve to right to have other findings, but usually won’t (if your RA was done well) • The internal audit shifts from being an unpleasant surprise to just another audit against your own criteria!

  16. Call To Action • Risk: assess current levels of risk in purchasing • Review: with internal audit • Reflect: perform self audits against your own criteria • Renew: Have Internal audit use as the renewed purchasing audit criteria

  17. “THE Godfather of Negotiation Planning” ~ Intel Corp Omid Ghamami PURCHASING AND NEGOTIATIONS EXPERT Thank you for watching!www.PurchasingAdvantage.com1-888-TCO-4889 1-888-826-4889

More Related